David Litchfield, well-known within the Oracle community as one of the world’s top database security researchers, lived up to his reputation at Black Hat USA last week. He shined the light on another Oracle database security blind spot — this time how monkeying with code and permissions within Oracle indexes can lead to privilege escalation. Some other security researchers believe may have been discreetly patched by Oracle in its July 2012 quarterly CPU for Oracle 11g revision 2 databases only. The attack and vulnerability described in the talk closely resembles many Oracle vulnerabilities found today.”]
Source: https://www.darkreading.com/database-security/hacking-oracle-database-indexes